Fuzz testing

Fuzz testing a simple technique for feeding random input to applications. There are two types of fuzz testing categories:

1. Completely random data

2. Partially incorrect data

Random data is a series of arbitrary bytes sent to the interface that is then read by the interface. Partially incorrect data is data that is accurately formed but that might contain invalid values.

Fuzz testing has the following additional characteristics:

1. If the application crashes or hangs, it is considered to fail the test, otherwise it passes. Note that the application does not have to respond in a sensible manner to the input, and it can even quietly exit.

2. Fuzz testing can be automated to a high degree and results can be compared across applications, operating systems, and vendors. There are plenty of tools that exist to perform automated fuzz testing.

Test Cases

1. Perform random data fuzz testing on web service APIs simultaneously. Use a valid body but random data values. Validate that no application crashes. Use of XML fuzzers can help.

2. For the other web services, send boundary condition values (i.e. -1), various Unicode settings, un-escaped and escaped XML entities, type mismatches (i.e. int instead of string), out-of-range data, malformed fragments (i.e. content length says 2K but is really 1K), extraneous headers, binary garbage, extremely large/small payloads, case variations, extra SOAP headers, nonexistent SOAP methods, using too many methods in SOAP method, too few parameters in SOAP methods.

3. Perform code coverage of the input validation code.

author

Vinay Jagtap

A hard core Technocrat with over a decade of extensive experience in heading complex test projects coupled with real time experience of project management and thought leadership. Extensive experience in Performance, Security and Automation Testing and development of automation frameworks and ability to setup and execute Global service centers and Center of Excellences for testing.

Get Free Email Updates to your Inbox!

www.CodeNirvana.in

Powered by Blogger.

Translate

Total Pageviews

Copyright © T R I A G E D T E S T E R